Saturday, May 4, 2013

Node, Ubuntu Security POC

For my Ubuntu configuration of Node.js, there were six parts...listed below.  

The basic flow is for a router to forward to the port where the proxy is listening.  The iptables configuration allows non-LAN originated traffic to connect only to this proxy port.  This port is configured only for SSL.  

When the user hits the proxy port the user's browser is requested to provide its SSL client certificate.  If successful, the user attempts to authenticate with the primary Node.js application using the Node.js Passport module.  Authentication will be discussed in a later post.
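The client-certificate gate described above, as an added example that is not the author's code: it uses Node's built-in `https` and `http` modules as a stand-in for node-http-proxy. The PEM inputs, the ports, the loopback backend and the `x-client-cert-cn` header name are assumptions.

```javascript
// Added example; not the blog author's configuration.
const https = require('https');
const http = require('http');

// TLS settings for the internet-facing proxy port (SSL only, client cert required).
function proxyTlsOptions(pem) {
  return {
    key: pem.key,             // proxy's private key
    cert: pem.cert,           // proxy's server certificate
    ca: pem.ca,               // CA that issued the browser client certificates
    requestCert: true,        // ask the browser for its certificate
    rejectUnauthorized: true, // fail the handshake if it is missing or untrusted
  };
}

// Re-check the handshake result so a later change to rejectUnauthorized
// cannot silently open the proxy. Returns the certificate CN or null.
function clientIdentity(socket) {
  if (!socket.authorized) return null;
  const peer = socket.getPeerCertificate();
  return peer && peer.subject && peer.subject.CN ? peer.subject.CN : null;
}

// Copy request headers, replacing any client-supplied identity header
// (hypothetical header name) with the verified CN.
function upstreamHeaders(reqHeaders, cn) {
  return Object.assign({}, reqHeaders, { 'x-client-cert-cn': cn });
}

function handle(req, res, backend) {
  const cn = clientIdentity(req.socket);
  if (cn === null) {
    res.writeHead(403, { 'Content-Type': 'text/plain' });
    return res.end('client certificate required\n');
  }
  const upstream = http.request({
    host: backend.host, port: backend.port, // assumed: app bound to loopback
    method: req.method, path: req.url, headers: upstreamHeaders(req.headers, cn),
  }, (up) => { res.writeHead(up.statusCode, up.headers); up.pipe(res); });
  upstream.on('error', () => { if (!res.headersSent) res.writeHead(502); res.end(); });
  req.pipe(upstream);
}

// Start the proxy; pem holds PEM strings or Buffers read from disk.
function startProxy(pem, listenPort, backend) {
  return https.createServer(proxyTlsOptions(pem),
    (req, res) => handle(req, res, backend)).listen(listenPort);
}
```

The backend application should listen on the loopback interface only, so the identity header can arrive only from the proxy.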

1.  Node-http-proxy:

2.  SSL:

3.  Node SSL configuration:

4.  Browser SSL configuration:

  • The client certificates from step 2 will need to be manually loaded into each user's browser.  On the iPad, it seems that the certificates are only recognized by the Safari browser and not Chrome.

5.  Upstart Script:

6.  Monit Script:

  • To monitor the server, the Node-http-proxy, and the primary Node.js processes, I used Monit.  The instructions at the following link were helpful:
  • See my Monit script on my Monit Script page in the nav bar.

Saturday, April 27, 2013

Node, Rabbit, Ubuntu Tech POC

For the machine hosting Node.js and RabbitMQ, I am using Ubuntu Linux 12.04 LTS Server 32-bit.  Here are the high level configuration steps:

  1. Download and install Ubuntu on the target machine.
  2. Install the Gnome Classic desktop.
  3. Configure a static IP address for your server...I found this link helpful:
  4. Configure VNC...this link was helpful: 
  5. Configure FTP...this link was helpful:
  6. Install Node.js...here's the link:
  7. Install RabbitMQ:
  8. Secure the server:

That's about it ...

And at this point it cannot be accessed from the internet...only on the LAN.

Saturday, April 20, 2013

More Thoughts On High Level System Requirements

I've started with three simultaneous projects:

  • Building a backtester that can use both end-of-day (EOD) data and 15 minute data.
    • Using Java for the algo components
    • EOD data from
    • 15-minute data from
    • The data was loaded into a MySQL database with one table per symbol
      • The 15-minute data is requiring between 10GB and 25GB per table for five years of data.
      • The EOD data is requiring between 100MB and 700MB per table for two to five years of data
      • Also created tables:
        • containing the dates of market holidays -- will need to update this table annually -- possibly
        • containing options expiration dates for indexes for the last five years
      • Besides the MySQL Workbench, I am also using HeidiSQL and Navicat for MySQL.

  • Building a proof of concept (POC) of the end-to-end infrastructure required to run a live trading algorithm.  So far, I have built components to test
    • SSL from the browser to Node.js
    • Client certificates
    • Browser authentication with Node.js using the Passport.js module integrating with MySQL
    • Streaming data from a Java process to RabbitMQ to Node.js to a Dojo table in a browser.
    • Java polling for data from Yahoo
    • Java streaming data via a DDE connection from ThinkOrSwim

  • Building the trading system.
    • Just in the design phase at this point.  Will need at least the following components:
      • User Interface (Node.js)
      • Strategy Manager
      • Position Manager
      • Risk Manager
      • Broker Connector (streaming and FIX)
      • DB Connector (to MySQL)
      • Order Manager
      • Account Manager
      • Communications Manager
      • Message Bus - (RabbitMQ or similar)

Saturday, April 13, 2013

Thoughts On High Level Trading System Requirements

Some thoughts on very high-level requirements...

  • I'd like to be able to monitor, modify and run this system from a browser...preferably a browser on my tablet.

  • Will need to stream real-time algorithm status (trades, current P&L, risk) to a browser.

  • Technology thoughts:
    • Use SSL, client certificates, and userid/password to login to the system.
    • Use the Dojo library for browser based, updating tables.
    • Use Node.js to stream realtime updates to a browser...using websockets/
    • Use RabbitMQ to send data to Node.js...amqp.
    • Use multiple Java components (possibly running as individual processes) as the core of the system.  These components will send/receive updates to/from Node.js via RabbitMQ.
    • The Java components will receive option data - TBD
    • The Java components will send/receive order information via FIX/QuickFIX/J
    • The Java components will receive account updates via FIX/QuickFIX/J or a broker API.